3a73fcb42709668c538b5b3c1be22bef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a73fcb42709668c538b5b3c1be22bef_JaffaCakes118
Size

256KB
MD5

3a73fcb42709668c538b5b3c1be22bef
SHA1

89bc918adde1e6388f9539a79cd90e8842df2531
SHA256

e10a4b9a293a67eb1f00e99f6c5406fae771217860e1b665fee1394741579199
SHA512

3086fbf499218543cef9bef62e1bfa009ed23fdc21b020cc480ece0ac25561121a5a4c13592f079e66396331b805e59a9a6bd3a7e7852da3b3ea421b9ae97ac6
SSDEEP

6144:ot7WiO7KfEiaNXcBJ/nzpzSC3Wbx2i+y6T7T:ot78bd+zB3WbQTH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a73fcb42709668c538b5b3c1be22bef_JaffaCakes118

Files

3a73fcb42709668c538b5b3c1be22bef_JaffaCakes118
.exe windows:5 windows x86 arch:x86

70566d6ea67176bd043fdc1bd0e57678

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\exe.pdb

Imports

msvcrt

strstr
strlen
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
srand
rand
memset
memcpy
_except_handler3

ntdll

ZwQueryInformationThread

shlwapi

PathFileExistsA
SHDeleteKeyA

psapi

GetModuleInformation

ws2_32

connect
gethostbyname
WSAResetEvent
WSACreateEvent
socket
inet_addr
send
WSAAddressToStringA
WSAStartup
getaddrinfo
WSACleanup
freeaddrinfo
closesocket
htons
bind
sendto
setsockopt
WSAGetLastError
WSARecvFrom
gethostname

iphlpapi

GetAdaptersInfo

wintrust

WinVerifyTrust

mpr

WNetOpenEnumA
WNetCloseEnum
WNetAddConnection2A
WNetCancelConnection2A

rpcrt4

UuidToStringA
UuidFromStringA

kernel32

CreateProcessA
FindFirstFileA
GetLogicalDriveStringsA
RemoveDirectoryA
FindClose
FindNextFileA
SetNamedPipeHandleState
FlushViewOfFile
OpenThread
CreateNamedPipeA
FlushFileBuffers
DisconnectNamedPipe
Thread32Next
ConnectNamedPipe
GetCurrentProcess
SetFileAttributesA
CreateDirectoryA
GetFileAttributesA
GetLogicalDrives
MoveFileExA
TerminateThread
GetWindowsDirectoryA
GetCurrentProcessId
GetLocalTime
GetExitCodeProcess
GetDriveTypeA
lstrcpynA
DeviceIoControl
GetSystemDirectoryA
GlobalFree
GlobalAlloc
TransactNamedPipe
CreateFileA
FindResourceA
FreeResource
lstrlenA
FreeLibrary
Process32First
GetTickCount
WriteFile
Sleep
SizeofResource
ReadFile
lstrcmpiA
GetProcAddress
Process32Next
LockResource
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
CreateToolhelp32Snapshot
CloseHandle
GetSystemTime
DeleteFileA
lstrcpyA
ExitProcess
GetFileSize
SetFilePointer
VirtualQuery
SetEndOfFile
SetFileTime
lstrcatA
MultiByteToWideChar
LoadLibraryA
GetFileTime
GetCurrentThreadId
GetTempPathA
WaitForSingleObject
SetEvent
CreateEventA
GetLastError
MapViewOfFile
UnmapViewOfFile
OpenProcess
ExitThread
CopyFileA
CreateFileMappingA
WinExec
GetVersion
CreateThread
GetExitCodeThread

user32

SetProcessWindowStation
SetThreadDesktop
OpenDesktopA
OpenWindowStationA
GetMessageA
PostThreadMessageA
wsprintfA
GetInputState

advapi32

CloseServiceHandle
QueryServiceStatus
RegSetValueExA
RegOpenKeyExA
RegCloseKey
OpenServiceA
OpenSCManagerA
RegQueryValueExA
CreateServiceA
StartServiceA
OpenProcessToken
CreateProcessAsUserA
ControlService
RegCreateKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sqztwzc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

70566d6ea67176bd043fdc1bd0e57678

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

shlwapi

psapi

ws2_32

iphlpapi

wintrust

mpr

rpcrt4

kernel32

user32

advapi32

shell32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 175KB - Virtual size: 175KB

.reloc Size: 30KB - Virtual size: 31KB

sqztwzc Size: - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 175KB - Virtual size: 175KB

.reloc
Size: 30KB - Virtual size: 31KB

sqztwzc
Size: - Virtual size: 4KB